In this paper we describe the architectural solution defined and implemented to ensure secure interoperability among Information Technology (IT) systems managing Personal Data Registries in Italian Municipalities and Ministry of Interior. The architecture features a clear separation between security services, provided at an infrastructure level, and application services, exposed on the Internet as Web Services. This approach has allowed to easily design and implement secure interoperability, since - notwithstanding the huge variety of IT solutions deployed all over the Italian Municipalities to manage Personal Data Registries - existing application services have not required major changes to be able to interoperate.

Abstract: In this paper we present a computational infrastructure, the Security Backbone, which is able to satisfy security requirements arising from resource sharing and services interoperability in Grid-like environments, without having to rely on a Public-Key Infrastructure (PKI). Motivation of our approach is rooted in the well-known difficulties encountered to show that interoperability of PKIs is effective or efficient in real-world environments. The proposed solution uses a security layer, lying between the communication and the application level, which provides confidentiality, integrity and authentication services in a fully transparent way from the application point of view, thus enabling the deployment of distributed network applications satisfying the highest security constraints, at a very low organizational and financial cost. Moreover, we have designed a service for scalable and flexible management of authorization policies governing access to resources shared by members of a Virtual Organization, by improving on the Community Authorization Service distributed with the

Abstract not found

In this paper we describe the overall process of deployment of the Italian Electronic Identity Card: the way it is issued, services it is used for, organizations involved in the process, and the Information Technology (IT) infrastructure enabling the effective management of the whole process while ensuring the mandatory security functions. Organizational complexity lies in the distribution of responsibilities for the management of Personal Data Registries (on which identity of people is based) which is an institutional duty of the more than 8000 Italian municipalities, and the need of keeping a centralized control on all processes dealing with identity of people as prescribed by laws and for national security and police purposes. Technical complexity stems from the need of efficiently supporting this distribution of responsibilities while ensuring, at the same time, interoperability of IT-based systems independent of technical choices of the organizations involved, and fulfilment of privacy constraints. The IT architecture defined for this purpose features a clear separation between security services, provided at an infrastructure level, and application services, exposed on the Internet as Web Services. This approach has allowed to easily design and implement secure interoperability, since - notwithstanding the huge variety of IT solutions deployed all over the Italian Municipalities to manage Personal Data Registries - existing application services have not required major changes to be able to interoperate.

Certifying the execution of a service is a critical issue for an e-government infrastructure. In fact being able to document that an e-service was actually carried out, given the legal value that is often attached to data managed and exchanged by public administrations, is of the utmost importance. This is made more complex in cases, like it often happens in the public administration sector, where e-services are based on legacy systems managed by autonomous and independent organizations. In this paper we discuss the introduction, within the standard three tier architecture for e-services, of an architectural subsystem providing certification functions. This architecture features both physical and functional independence from the application level and is made up by new control components providing a highly efficient solution for certification requirements. Our solution has been successfully tested in real-world systems developed in Italy to support digital government functions.